Posts by Mark Morgan

Re: VbV

Yes it does. It depends on the card issuer. One of my cards Verified by Visa asks for the full password the other asks for random characters.

My biggest gripe with it is that it responds "no that is not your password", you shout at it "yes it is". Select change password; Answer some staggeringly easy questions (you know, like mother's maiden name and postcode) and set your new password and it says "you've used that one before you can't have it" - at which point you punch the screen shouting "that's the bloody one I was entering before". You just end up in a loop resetting your password every single time you're forced to use it.

Verified by Visa is just the banks attempting to offload their fraud liabilities on to the retailer.

Re: Santander must also not be hashing passwords

Santander 'upgraded' (NOT!) their security. Old Santander accounts require customer ID, full passcode and full registration number. Accounts opened in the last couple of years required customer ID and three random characters from the passcode and three random characters from the registration number.

So they must be storing them using reversible encryption. and to make it look like they beefed up security they just changed the front end. No changes have gone into the way the data is stored.

What do customers do when presented with three random character shite? They chose simpler passwords don't they? No point in trying to use a 20-character random generated one when they pull this crap on you.

I don't use the Santander mobile app so can't speak for that one.

The Tesco's one is worse. The three random characters required by Santander are in fields named in the HTML as x1, x2, x3 and the three characters random are annoyingly not in order either. The Tesco's site asks for the username (not email address), full password (good) but the three random characters of the security number are presented and named as x1, x2, x3, x4, x5, x6 with the three you don't have to enter greyed out.

Re: We need a good backup solution

Multiple backups is what is needed. But a NAS device alone only defends you against HD crashes and not disasters that take out all of the IT kit in your house which is where the cloud comes in. But remember too that neither are fully secure as Cryptolocker would encrypt your cloud storage and NAS drives if it detected them mounted as a network share in Windows. Synology NAS devices have been hit by a Cryptolocker clone - Synolocker - when they had been opened up for internet access and we've all heard what happened to celebrity's iClouds recently and unconfirmed mentions of Dropbox contents being amongst the celebrity files doing the rounds too.

Re: High handed google again!

I suspect you didn't "leave Youtube" as you put it but in fact deleted your Google account. Your Youtube, Picasa, Panoramio, Google+ and Google account are all one and the same these days. Only the Google Mail account is separated as you can delete that without deleting your Google account.

I predict massive overblocking

If it's anything like the blocking that I've accidentally switched on on my Orange (EE) phone (and can't switch off without a credit reference check to prove I'm 18 - even though I've been paying by direct debit for 13-years and you can't have direct debits on an account until you are 18 - or showing my passport in an Orange shop) then it'll be pants and block everything in sight. For instance in the last week I've had blocks on Tesco and the whole of CNET.

Re: Annoying promotions

I can't remember which channel it is that does it but there's a couple that regularly put adverts for the next episode of the programme you are watching in the ad breaks within the programme which can end up being huge plot spoilers for the current episode!

Re: quiet coaches

I seem to remember years ago talk of the new Pendolino's having a Faraday Cage built in to the quiet carriage. Nothing came of it probably due to cost rather than illegality. Can't find an article about that but found this later one which is interesting http://www.theregister.co.uk/2008/10/30/faraday_train_windows/

Doubt it'll be coming my way soon either. Live in a village so everyone is wired directly to the exchange and no cabinets are around.

Exchange itself gets on to backbone via local town 5-miles away, I believe, which has been upgraded and is 'Accepting Orders'. I'm guessing that it is fibre between the exchanges anyway and the village exchange would need new equipment in it for me to get it. SamKnows gives a figure of around 700 premises for the exchange so not sure it would ever be a target.

Although my router claims to sync at 8Mbps (numerous speeds tests have been all over the place with the best being around 6.5Mbps but regularly down below 2Mbps) but trying to watch iPlayer or YouTube ends up frequently buffering and iPlayer drops out claiming not enough bandwidth.

Re: @ Irongut

""Would you prevent a family having separate accounts on the same CC" ? - Yes, absolutely."

Why? This is a PITA. Some credit card companies issue additional cards against the primary card holder's account with exactly the same 16-digit card number, start date, expiry date and even CVV2 number - Tesco Visa I'm looking at you. Which means on the few websites which do check for this then my wife can't use her credit card if I have an account on the site too e.g. Paypal. Thankfully many credit card companies, Barclaycard included, issue additional cards against the primary card holders account with a different 16-digit number.

Re: Too much security too often?

"Most of my online banking consists of checking the balance and sending money to exactly the same set of people."

That certainly used to be the case but with cheques being phased out everybody you used to pay by cheque - builders, plumbers, electricians, etc - now need you to use the Fast Payment System (FPS - BACS on steroids) to transfer money to their account. But the banks now have you jumping through hoops just to add a payee making your life difficult.

I initially though my Natwest card reader device was a neat idea but they then stopped me using it for both my business account and personal accounts and before long I've ended up with five of the beeldin' readers in the drawer, a special transaction card just to use for my business and no idea which is the right reader for what. I'd have to say that the Halifax Intelligent Finance way of doing it by giving you half a code online then texting you the other half is a lot easier.

Year 4000

We'll have even more problems come the year 4000 (ye olde Y4K problem) when we realise that we should have adopted John Herschel's 4000-year leap year rule because we'll end up a whole day ahead when we add a leap day that we shouldn't.

Starbucks have had free Wi-Fi for ages

I've been using Starbucks free Wi-Fi for a couple of years. You just register a Starbucks card on their website. When you fire up the laptop, connect to the Starbucks BT Openzone hotspot and fire up the browser. You end up on a BT Openzone landing page with a Starbucks login option - no need to sign up to Openzone.

The only time I tried a JD Wetherspoons hotspot the laptop couldn't handshake with the router.

Data security

These wear levelling algorithms for flash drives is why it's very difficult to securely earse data from one. Use something like Heidi Eraser on a file on a flash drive and you can still recover it as the wear levelling has written the zeros / random data to another part of the drive and marked the file's sectors for reuse and later garbage collection. I believe the only way around it is to securely erase the whole drive and not just individual files.

Google Toolbar

I don't see anyone complaining that their Google Toolbar running in Firefox has been updated silently by the Google Updater.

I think it's great the way Google Updater silently updates all Google its products in the background and doesn't even require a reboot every time. Adobe and Microsoft take note! The only reason I know Chrome has been updated is because Secunia PSI tells me.

I just wish the lot of them would get together and make one Über 'Windows' update that did the lot for every product that registers wih the update service.

Not Google's fault

This is clearly the fault of the Florida Sun-Sentinel not dating their articles correctly (bad website design), the news agency who picked up on it and didn't check before writing their tag line and posting it and the traders who accepted it all on blind faith and it didn't ring bells as being somewhat familiar.

I used to run a blog where I trawled news using custom RSS feeds from Google News. I used to see this sort of thing all of the time and it was always the same websites not dating their articles correctly, if at all. The key thing for me was I applied some common sense and could spot the rouge stories and didn't post them to my blog.

RE: Very simple if you read the docs

"<META NAME="ROBOTS" CONTENT="NOARCHIVE">

..mines the one with "Read the manual" on the back."

Indeed. There was a good case a couple of years ago where a Belgian newspaper company, Copiepresse - covering several countries, sued Google for making their copyrighted, paid-for, content available in their cache. Google didn't show at the court hearing and the judge ordered Google to remove all of the companies newspapers from the site. So, Google obeyed and removed the lot from the entire search index effectively wiping them off the net.

Eventually the papers saw the idiocy in their ways fixed their headers and asked Google nicely to reindex them.

Microsoft patches not applied

I've got two (out of four) machines at home that are knackered if I enabled the Windows Automatic Updates service - a known issue apparantly. One, a desktop, the processor hits 100%, on the svchost.exe process that is running the service, and stays there. The other, a laptop, freezes completely. So off I pop to the Windows Update website to download the updates manually and it complains that the service is disabled! Argh!

I have a daughter who spends her life on Bebo, MySpace and MSN and my ZoneAlarm Security Suite has found that virus numerous times now.